PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.

Details

VuXML ID: e8b6605b-d29f-11e5-8458-6cc21735f730

Discovery: 2016-02-08

Entry: 2016-02-12

PostgreSQL project reports:

Security Fixes for Regular Expressions, PL/Java

CVE-2016-0773: This release closes security hole CVE-2016-0773,
an issue with regular expression (regex) parsing. Prior code allowed
users to pass in expressions which included out-of-range Unicode
characters, triggering a backend crash. This issue is critical for
PostgreSQL systems with untrusted users or which generate regexes
based on user input.

CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege
escalation issue for users of PL/Java. Certain custom configuration
settings (GUCS) for PL/Java will now be modifiable only by the
database superuser.